Google Redirection on IE, Blocked Firefox from Starting

I have been experiencing the google redirection malware issue on IE. Clicking on a google link will sometimes take me a random page (not always). Firefox won't boot - and log scan by Mozilla tech indicated Malware is stopping it. I have run the Readme/Malware scans and I am not finding anything.

 

Where are the logs running SAS and MBAM?
Note: You renamed your log from ComboFix to MB Scan.txt. For future reference, leave it as ComboFix.txt.

 

Here are the files for MBAM and SAS.

 

From Add/Remove Programs (via Control Panel), uninstall the below:

• Java(TM) 6 Update 22 <-- old

What are these programs?

• 1E Shopping Probe
• 1E WakeUp Agent

Are these programs you use? If not, uninstall them as well.

Do you know what this file is for? (Is it something you created) -- c:\windows\winstart.bat

If you do not know, could you please get this file: winstart.bat into a zipped file and attach it for me in your next post? To do this, see the below:

Start > Run > cmd
Now paste in the following:

Press ENTER
This file I need can found at C:\collect.zip
Attach collect.zip to your next message. (How to attach items to your post)

Please download Disable/Remove Windows Messenger by Doug Knox to your desktop.
See the download links under this icon:

• Double-click MessengerDisable.exe
• Place a check-mark in Uninstall Windows Messenger
• Click Apply
• Click Exit

Now download GooredFix by jpshortstuff to your desktop.
See the download links under this icon:

• Ensure all Firefox windows are closed.
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista/Win 7).
• When prompted to run the scan, click Yes.
• GooredFix will check for infections, and then a log will appear.
• Please attach the GooredFix.txt log to your next reply (it can be found on your desktop). (How to attach items to your post)

Now we need to make use of ComboFix by sUBs

• Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop but do not run it!
  • If it is not on your desktop, the below will not work.
• Shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• Open Notepad and copy/paste the text in the below code box into Notepad:

Code:

KillAll::
File::
C:\Documents and Settings\usd37948\Local Settings\Application Data\BIT31.tmp
C:\Documents and Settings\usd37948\Local Settings\Application Data\FnF4.txt
C:\Documents and Settings\usd37948\Local Settings\Temp\BCGB.tmp
C:\Documents and Settings\usd37948\Local Settings\Application Data\AtStart.txt
C:\Documents and Settings\usd37948\Local Settings\Application Data\QSwitch.txt
C:\Documents and Settings\usd37948\Local Settings\Application Data\DSwitch.txt
Folder::
C:\Documents and Settings\usd37948\Local Settings\Temp\wz326b
DirLook::
C:\Documents and Settings\All Users\Application Data\1E
C:\Program Files\1E
C:\WINDOWS\$968930Uinstall_KB968930$
c:\documents and settings\usddalccms-admin25\IETldCache
FileLook::
C:\framepkg.exe
C:\WINDOWS\system32\drivers\FireNfcp.sys
c:\windows\system32\sfcfiles.dll
FireFox::
FF - ProfilePath - c:\documents and settings\usd37948\Application Data\Mozilla\Firefox\Profiles\015epyee.default\
FF - prefs.js: network.proxy.type - 2

• Save the above as CFScript.txt and make sure you save it to the same location (should be on your desktop) as ComboFix.exe
• At this point, you must exit all browsers now before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your desktop.
• Now use your mouse to drag CFScript.txt on top of ComboFix.exe.
  
• This shall launch ComboFix.
  Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
• Allow ComboFix to update itself if prompted.
• When it finishes, a log will be produced at C:\ComboFix.txt
  Note: If after running ComboFix you discover none of your programs will open up because you receive the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.
• Attach this log to your next message. (How to attach items to your post)

Now install the current version of Sun Java from: Sun Java Runtime Environment

Now run C:\MGtools\GetLogs.bat by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
Then attach C:\MGlogs.zip to your next message. (How to attach items to your post)
Notes:

• This will automatically update all the logs inside MGlogs.zip
• Make sure you click Accept on the License Agreement from Trend Micro HiJackThis - v2.0.4 twice if prompted.

LET ME KNOW HOW THE PC IS RUNNING AFTER YOU HAVE COMPLETED THESE STEPS​

 

I did everything up to Gooredfix.exe. I need to talk to my IT group to gain admin access to run it. HOwever it appears to work - Firefox is running again. I have also attached the file (zipped) for Winstart.bat Thank you!!!!

 

Great, if you have any other trouble let me know.

By the way, winstart.bat wasn't an infection. It was blank. You can leave this alone or delete it, doesn't really matter either way.